CVE-2019-20411Cross-Site Request Forgery in Atlassian Jira Server

CWE-352Cross-Site Request Forgery3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.1%
top 65.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Atlassian Jira ServerAtlassian JiraAtlassian Jira Data Center
Timeline
PublishedJun 29
Latest updateMay 24

Description

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify Wallboard settings via a Cross-site request forgery (CSRF) vulnerability. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages4 packages

NVDatlassian/jira_data_center7.7.07.13.9+1
CVEListV5atlassian/jira_serverunspecified7.13.9+2
NVDatlassian/jira_server8.0.08.4.2
NVDatlassian/jira< 7.13.9

🔴Vulnerability Details

2
GHSA
GHSA-pmcv-jjqh-3g6v: Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify Wallboard settings via a Cross-site request forgery (CSRF)2022-05-24
CVEList
CVE-2019-20411: Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify Wallboard settings via a Cross-site request forgery (CSRF)2020-06-29
CVE-2019-20411 — Cross-Site Request Forgery | cvebase